[SECURITY] Use HTTPS to resolve dependencies in Maven Build

modules/master/pom.xml

@@ -3,7 +3,7 @@
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<slf4j.version>1.7.5</slf4j.version>
-		<packet.version>7.1.0</packet.version>
+		<packet.version>7.1.3</packet.version>
 		<packaging.type>bundle</packaging.type>
 		<dir>target</dir>
 		<maven.build.timestamp.format>yyyy-MM-dd/HH:mm:ss</maven.build.timestamp.format>
@@ -220,12 +220,12 @@
 		<repository>
 			<id>tigase</id>
 			<name>Tigase repository</name>
-			<url>http://maven-repo.tigase.org/repository/release</url>
+			<url>https://maven-repo.tigase.org/repository/release</url>
 		</repository>
 		<repository>
 			<id>tigase-snapshot</id>
 			<name>Tigase repository</name>
-			<url>http://maven-repo.tigase.org/repository/snapshot</url>
+			<url>https://maven-repo.tigase.org/repository/snapshot</url>
 			<snapshots>
 				<enabled>true</enabled>
 			</snapshots>
@@ -235,13 +235,12 @@
 		<repository>
 			<id>tigase</id>
 			<name>Tigase repository</name>
-			<url>http://maven-repo.tigase.org/repository/release</url>
+			<url>https://maven-repo.tigase.org/repository/release</url>
 		</repository>
 		<snapshotRepository>
 			<id>tigase-snapshot</id>
 			<name>Tigase snapshot repository</name>
-			<url>http://maven-repo.tigase.org/repository/snapshot</url>
+			<url>https://maven-repo.tigase.org/repository/snapshot</url>
 		</snapshotRepository>
 	</distributionManagement>
 </project>
-

pom.xml

@@ -5,7 +5,7 @@
 		<tests.excludeGroups>tigase.tests.SlowTest</tests.excludeGroups>
 	</properties>
 	<modelVersion>4.0.0</modelVersion>
-	<groupId>tigase</groupId>
+	<groupId>org.kontalk</groupId>
 	<artifactId>tigase-server</artifactId>
 	<name>Tigase XMPP Server</name>
 	<packaging>${packaging.type}</packaging>
@@ -171,6 +171,34 @@
 					<verbose>${verbose-log}</verbose>
 				</configuration>
 			</plugin>
+                        <plugin>
+                            <groupId>org.apache.maven.plugins</groupId>
+                            <artifactId>maven-dependency-plugin</artifactId>
+                            <version>2.8</version>
+                            <executions>
+                            <execution>
+                                <phase>install</phase>
+                                <goals>
+                                    <goal>copy-dependencies</goal>
+                                </goals>
+                                <configuration>
+                                    <outputDirectory>${project.build.directory}/lib</outputDirectory>
+                                </configuration>
+                            </execution>
+                            </executions>
+                        </plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-jar-plugin</artifactId>
+				<version>3.0.2</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>test-jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>
 	<dependencies>
@@ -205,6 +233,11 @@
 			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.codehaus.groovy</groupId>
+			<artifactId>groovy-all</artifactId>
+			<version>2.4.6</version>
+			<scope>compile</scope>
+		</dependency>
 	</dependencies>
 </project>
-

src/main/java/tigase/server/xmppclient/ClientTrustManagerFactory.java

@@ -81,29 +81,7 @@ protected X509Certificate[] getAcceptedIssuers() {
 	}
 
 	public TrustManager[] getManager(final VHostItem vHost) {
-		TrustManager[] result = trustManagers.get(vHost);
-
-		if (result == null) {
-			if (log.isLoggable(Level.FINEST))
-				log.finest("Creating new TrustManager for VHost " + vHost);
-
-			result = defaultTrustManagers;
-			String path = vHost.getData(CA_CERT_PATH);
-			if (log.isLoggable(Level.FINEST))
-				log.finest("CA cert path=" + path + " for VHost " + vHost);
-			if (path != null) {
-				TrustManager[] tmp = loadTrustedCert(path);
-				if (tmp != null) {
-					if (log.isLoggable(Level.FINEST))
-						log.finest("Using custom TrustManager for VHost " + vHost);
-					result = tmp;
-					trustManagers.put(vHost, result);
-				}
-			}
-		} else if (log.isLoggable(Level.FINEST))
-			log.finest("Found TrustManager for VHost " + vHost);
-
-		return result;
+		return emptyTrustManager;
 	}
 
 	public TrustManager[] getManager(final XMPPIOService<Object> serv) {
@@ -123,7 +101,7 @@ public boolean isTlsNeedClientAuthEnabled(final VHostItem vhost) {
 
 	public boolean isTlsWantClientAuthEnabled(final VHostItem vhost) {
 		TrustManager[] tmp = getManager(vhost);
-		return tmp != null && tmp.length > 0;
+		return tmp == emptyTrustManager || (tmp != null && tmp.length > 0);
 	}
 
 	protected TrustManager[] loadTrustedCert(String caCertFile) {

src/main/java/tigase/server/xmppclient/StreamManagementIOProcessor.java

@@ -79,6 +79,8 @@ public class StreamManagementIOProcessor implements XMPPIOProcessor {
 	private static final String RESUMPTION_TIMEOUT_PROP_KEY = "resumption-timeout";
 	private static final String RESUMPTION_TIMEOUT_START_KEY = "resumption-timeout-start";
 	private static final String STREAM_ID_KEY = XMLNS + "_stream_id";
+	private static final String ACK_TIMEOUT_PROP_KEY = "ack-timeout";
+	private static final String ACK_WAIT_TASK_KEY = XMLNS + "_ack-wait-task";
 
 	private static final Element[] FEATURES = { new Element("sm", new String[] { "xmlns" },
 			new String[] { XMLNS }) };
@@ -90,6 +92,7 @@ public class StreamManagementIOProcessor implements XMPPIOProcessor {
 	private int max_resumption_timeout = 15 * 60;
 	private int resumption_timeout = 60;
 	private int ack_request_count = DEF_ACK_REQUEST_COUNT_VAL;
+	private int ack_timeout = 0;
 
 	private ConnectionManager connectionManager;
 
@@ -210,6 +213,12 @@ else if (packet.getElemName() == RESUME_NAME) {
 				OutQueue outQueue = (OutQueue) service.getSessionData().get(OUT_COUNTER_KEY);
 				if (outQueue != null) {
 					outQueue.ack(val);
+
+					TimerTask timerTask = (TimerTask) service.getSessionData().remove(ACK_WAIT_TASK_KEY);
+					if (timerTask != null) {
+						timerTask.cancel();
+					}
+
 				} else {
 					if (log.isLoggable(Level.FINE)) {
 						log.log(Level.FINE, "{0}, outQueue already null while processing: {1}", new Object[] { service, packet });
@@ -234,8 +243,9 @@ else if (packet.getElemName() == REQ_NAME) {
 			}
 			return true;
 		}
-
-		((Counter) service.getSessionData().get(IN_COUNTER_KEY)).inc();
+
+		if (shouldIncrementIncoming(service, packet))
+			((Counter) service.getSessionData().get(IN_COUNTER_KEY)).inc();
 
 		return false;
 	}
@@ -260,6 +270,18 @@ public void packetsSent(XMPPIOService service) throws IOException {
 		OutQueue outQueue = (OutQueue) service.getSessionData().get(OUT_COUNTER_KEY);		
 		if (outQueue != null && shouldRequestAck(service, outQueue)) {
 			service.writeRawData("<" + REQ_NAME + " xmlns='" + XMLNS + "' />");
+
+			if (ack_timeout > 0) {
+				synchronized (service) {
+					TimerTask oldTask = (TimerTask) service.getSessionData().remove(ACK_WAIT_TASK_KEY);
+					if (oldTask != null) {
+						oldTask.cancel();
+					}
+					TimerTask timerTask = new AckTimeoutTask(service);
+					service.getSessionData().put(ACK_WAIT_TASK_KEY, timerTask);
+					connectionManager.addTimerTask(timerTask, ack_timeout * 1000);
+				}
+			}
 		}
 	}
 
@@ -271,6 +293,10 @@ public void packetsSent(XMPPIOService service) throws IOException {
 	protected boolean shouldRequestAck(XMPPIOService service, OutQueue outQueue) {
 		return outQueue.waitingForAck() >= ack_request_count;
 	}
+
+	protected boolean shouldIncrementIncoming(XMPPIOService service, Packet packet) {
+		return true;
+	}
 
 	@Override
 	public void processCommand(XMPPIOService service, Packet pc) {
@@ -453,6 +479,11 @@ else if (id != null) {
 			services.remove(id, service);
 		}
 
+		TimerTask timerTask = (TimerTask) service.getSessionData().remove(ACK_WAIT_TASK_KEY);
+		if (timerTask != null) {
+			timerTask.cancel();
+		}
+
 		if (log.isLoggable(Level.FINEST)) {
 			log.log(Level.FINEST, "{0}, service stopped - resumption disabled, sending unacked packets", new Object[] { service });
 		}		
@@ -477,6 +508,9 @@ public void setProperties(Map<String,Object> props) {
 		if (props.containsKey(ACK_REQUEST_COUNT_KEY)) {
 			this.ack_request_count = (Integer) props.get(ACK_REQUEST_COUNT_KEY);
 		}
+		if (props.containsKey(ACK_TIMEOUT_PROP_KEY)) {
+			this.ack_timeout = (Integer) props.get(ACK_TIMEOUT_PROP_KEY);
+		}
 	}
 
 	/**
@@ -616,7 +650,27 @@ public void run() {
 		}
 
 	}
-
+
+	/**
+	 * AckTimeoutTask class is used for handling timeout of ack requests.
+	 */
+	private class AckTimeoutTask extends TimerTask {
+
+		private final XMPPIOService service;
+
+		public AckTimeoutTask(XMPPIOService service) {
+			this.service = service;
+		}
+
+		@Override
+		public void run() {
+			if (service.isConnected()) {
+				service.forceStop();
+			}
+		}
+
+	}
+
 	protected Counter newCounter() {
 		return new Counter();
 	}

src/main/java/tigase/server/xmppsession/SessionManager.java

@@ -2133,7 +2133,7 @@ protected Integer getMaxQueueSize(int def) {
 		return def * 10;
 	}
 
-	protected XMPPSession getSession(BareJID jid) {
+	public XMPPSession getSession(BareJID jid) {
 		return sessionsByNodeId.get(jid);
 	}
 

src/main/java/tigase/util/DBSchemaLoader.java

@@ -19,6 +19,7 @@
 package tigase.util;
 
 import java.io.*;
+import java.net.URLEncoder;
 import java.sql.*;
 import java.util.ArrayList;
 import java.util.LinkedHashSet;
@@ -98,6 +99,8 @@ class DBSchemaLoader extends SchemaLoader {
 	public static final String ADMIN_JID_KEY = "adminJID";
 	public static final String ADMIN_JID_PASS_KEY = "adminJIDpass";
 	public static final String LOG_LEVEL_KEY = "logLevel";
+	public static final String USE_SSL = "useSSL";
+	public static final String SERVER_TIMEZONE = "serverTimezone";
 	public static final String DASH = "-";
 	// defaults
 	public static final String DATABASE_TYPE_DEF = "mysql";
@@ -307,6 +310,18 @@ private static Properties parseArgs( String[] args ) {
 							props.setProperty( LOG_LEVEL_KEY, args[i].toUpperCase() );
 						}
 						break;
+					case DASH + USE_SSL:
+						if ( args.length > i + 1 ){
+							i++;
+							props.setProperty( USE_SSL, args[i] );
+						}
+						break;
+					case DASH + SERVER_TIMEZONE:
+						if ( args.length > i + 1 ){
+							i++;
+							props.setProperty( SERVER_TIMEZONE, args[i] );
+						}
+						break;
 				}
 			}
 		}
@@ -645,7 +660,7 @@ public Result validateDBSchema( Properties variables ) {
 			return Result.ok;
 		}
 		if ( !schema_exists ){
-			db_conn = getDBUri( variables, true, true );
+			db_conn = getDBUri( variables, true, false );
 			log.log( Level.INFO, "DB schema doesn't exists, creating one..., URI: " + db_conn );
 			try {
 				try ( Connection conn = DriverManager.getConnection( db_conn ) ;
@@ -972,6 +987,9 @@ private static String getDBUri( Properties props, boolean includeDbName, boolean
 				db_uri += ";schema=dbo";
 				db_uri += ";lastUpdateCount=false";
 				db_uri += ";cacheMetaData=false";
+				if ( Boolean.valueOf(props.getProperty(USE_SSL)) ) {
+					db_uri += ";encrypt=true";
+				}
 				break;
 			default:
 				db_uri += "//" + props.getProperty( DATABASE_HOSTNAME_KEY ) + "/";
@@ -985,6 +1003,21 @@ private static String getDBUri( Properties props, boolean includeDbName, boolean
 						 && !props.getProperty( PASSWORD ).isEmpty() ){
 					db_uri += "&password=" + props.getProperty( PASSWORD );
 				}
+				if ( Boolean.valueOf(props.getProperty(USE_SSL)) ) {
+					db_uri += "&useSSL=true";
+				}
+				else if ( props.getProperty(USE_SSL) != null ) {
+					// explicitly disable SSL to avoid a warning by the driver
+					db_uri += "&useSSL=false";
+				}
+				if ( props.getProperty(SERVER_TIMEZONE) != null ) {
+					try {
+						db_uri += "&serverTimezone=" + URLEncoder.encode(props.getProperty(SERVER_TIMEZONE), "UTF-8");
+					}
+					catch (UnsupportedEncodingException e) {
+						log.warning("Invalid encoding in "+SERVER_TIMEZONE+" parameter: " + props.getProperty(SERVER_TIMEZONE));
+					}
+				}
 				break;
 		}
 		return db_uri;

src/main/java/tigase/xmpp/XMPPResourceConnection.java

@@ -564,6 +564,10 @@ public AuthRepository getAuthRepository() {
 		return authRepo;
 	}
 
+	public long getAuthenticationTime() {
+		return authenticationTime;
+	}
+
 	/**
 	 * Method description
 	 *

src/main/java/tigase/xmpp/impl/C2SDeliveryErrorProcessor.java

@@ -122,22 +122,16 @@ public static boolean preProcess(Packet packet, XMPPResourceConnection session,
 				String delay = deliveryError.getAttributeStaticStr("stamp");
 				if (delay == null)
 					return true;
-
-				// maybe we should forward data to only active sessions which were not available at this point??
-				// how to get time of error? or maybe original time of message? timestamp might be slow while 
-				// in other case we might get issues with servers in other timezones!
-				long time = Long.parseLong(delay);
-
+
+				boolean processed = false;
 				for (XMPPResourceConnection conn : sessionsForMessageDelivery) {
-					if (conn.getCreationTime() <= time)
-						continue;
-
 					Packet result = packet.copyElementOnly();
 					result.setPacketFrom(packet.getPacketTo());
 					result.setPacketTo(conn.getConnectionId());
 					results.offer(result);
+					processed = true;
 				}
-				return true;
+				return processed;
 			}
 
 			return false;